Use runas command in command line, create a batch file or a shortcut with command
runas /user:localhost\accountname cmd.exe
After execute this runas command you will be asked to enter the password of the account.
You can not pass the password to runas command automatically, but you can store this password by the option savecred to avoid to enter password with each call.
This savecred parameter is not recommended, because password is stored in credential manager of this profile and
can used to execute every application with credentials of the administrator from the standard user account with this profile.
Better storing the credentials for each program seperate, than using runas savecred.
1. You can do this by a launch file for each application seperate, with encrypted login information of an administrator account.
2. You us a credential manager on local machine, where you can set the specific application, which is allowed to run with administrator privileges. Unfortunately both is not possible with runas from microsoft or local policies.
But following free and easy utilities can do this job.
RunAsSpc store login information for each application in an encrypted file.
RunAsAdmnin from RunAsRob has an own manager and save the application you can to run with administrator rights from limited user in registry.
By second tool RunAsRob you can configure complete folders on the local computer or in a network, their contents you want to allow running with administrator privileges.
This is an easy way to distribute software, drivers, patches,... without to create a package for your clients.
You just have to copy the complete setup file in the specific allowed share,
and now the standard user on client can run this setup file, or other executables you copied in this share, with administrator privileges on his own local client computer.
The principle is very simple, clear to understand and easy to configure.
After drag the application over runasrob.exe, RunAsRob just look in computers registry if it is an allowed directory and start it or not.
It is only important that you don't give the user writing NTFS rights to an allowed directory to avoid that he put his own executables in that folder.
You can control the allowed software by simply copy or delete files in that allowed path.